Report #10652
Text

Binary

DLL False

Size 485.00KB

trid 62.0% Generic CIL Executable
23.4% Win64 Executable
5.5% Win32 Dynamic Link Library
3.8% Win32 Executable
1.7% OS/2 Executable

TrID's "Win64" guess is a byte-pattern match only; the header fields (wordsize 32 below, IsPE32 in the YARA matches) identify a 32-bit CIL executable.

type PE

wordsize 32

Subsystem Windows GUI

Hashes

md5 29fe793a432bfccb58d667ffb3b32547

sha1 d7cce5305cb72e8f0ac1331c1178527e9936a071

crc32 0x3702989e

sha224 f828894c1daf5b8ce113ade4984d69f89eefea09de0ea5f2ba50a21f

sha256 3f4d8c350538601c60ddb8393b0c70904bbb81be0b59478770730dfe7a243e76

sha384 711ccdc540f35669f734de64b5b9b199fcf52866271d471996172e81e8d63490ea6683e9d31d5b47527602cf101e0521

sha512 43cbb5ace671963742b3727407e03c223850e168b54a03ea3a48b9b51e68558e5289b1d70d994bfcc5788530fb079b7bc523f7d23a401cad734e4b00ebbe09df

ssdeep 12288:M97neNfY4FpVCDbZVLr3u0tPETxLPbMB4dfBfjc0:M97nk3aVVLreSEFL

Community

Report #10652

Creation Date: June 19, 2020, 5:13 p.m.

Last Update: June 19, 2020, 5:18 p.m.

File:

signed_19272.exe

Results:

Google False

HashLib False

YARA

Matches NET_executable, contentis_base64, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, IP, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, IsPacked, NET_executable_, domain, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, IsWindowsGUI

Suspicious True

Strings

List

System.IO

<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>

EngineC.Properties kK.ad

M.cN U.CN

System.Security.Cryptography P.ZA

1.0.0.0 1.0.0.0 1.0.0.0 1.0.0.0 16.0.0.0

EngineC.Properties.Resources.resources _player

4%*os S%a8o

set_AllowUserToDeleteRows IsCompleted

completed

%o'cN e%#Eh

3System.Resources.Tools.StronglyTypedResourceBuilder SP%fyyEr

%sBOC

%GsAY

System.Windows.Forms mscoree.dll

$57a2c727-262a-4402-8247-009ae504006c get_ResourceManager

SecurityForm

DebuggerBrowsableState DebuggableAttribute

ITEM_ID_PARCHMENT_PAPER


DebuggingModes MarkQuestCompleted ResourceManager get_Encrypted2

LOCATION_ID_SPIDER_FIELD ITEM_ID_SILVER_PISTOL

QUEST_ID_CLEAR_FARMERS_FIELD ADf9

ITEM_ID_BLESSED_RIFLE ITEM_ID_RAGGED_CLOTH LOCATION_ID_BRIDGE LOCATION_ID_HOME MONSTER_ID_CULTIST LOCATION_ID_FARM_FIELD ITEM_ID_CLUB

ITEM_ID_DEMONIC_CORE ITEM_ID_NECRONOMICON ITEM_ID_ECTOPLASM ITEM_ID_DEAD_FLESH ITEM_ID_HEALING_POTION ITEM_ID_ROTTEN_ABSCESS ITEM_ID_RUSTY_SWORD RSMD_EC

8\%/

RandomNumberGenerator ]%/,

CreateDecryptor RijndaelManaged Encrypted2 ICryptoTransform 1aR?

Jjow.exe Jjow.exe Jjow.exe

<requestedExecutionLevel level="asInvoker" uiAccess="false"/>

6=0.ru

ComponentResourceManager set_StartPosition

LOCATION_ID_GUARD_POST DebuggerBrowsableAttribute DebuggerNonUserCodeAttribute

&I428WS>3i _CorExeMain 7+v^ztDooh set_Height heW5M(lu get_UTF8 OS#T2AMp

get_ButtonHighlight '1\nf/pa

K6|Yse4

btnEast_Click_1 set_AutoScaleMode get_Current

@E$NRU"M get_IsCompleted set_IsCompleted set_CriticalDamage get_CriticalDamage


D<i.2C,bv get_Rows

get_CurrentDomain get_Controls

set_DropPercentage set_ClientSize 61Yr)*A
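The strings above combine AES decryption (RijndaelManaged, CreateDecryptor, ICryptoTransform, RandomNumberGenerator), a managed resource (ResourceManager, get_Encrypted2, EngineC.Properties.Resources.resources) and three different self-identifications (manifest name MyApplication.app, module name Jjow.exe, root namespace EngineC), next to game-like constants (ITEM_ID_..., QUEST_ID_...). That is the shape of a .NET crypter stub built around leftover application code: the real payload sits encrypted in a resource and is decrypted at run time. As an added example (editor's code, not the platform's YARA rules and not anything from the report), the following scores a list of extracted strings for those indicator families. SAMPLE_STRINGS is constructed from the list above with binary noise removed; the family names, regexes and verdict rule are the editor's own heuristics.

```python
"""Triage a .NET binary's strings for crypter/loader indicators.

Editor-added example: not code from the report or the analysis platform.
SAMPLE_STRINGS is constructed from the Strings section of the report with
binary noise removed; the indicator families, regexes and verdict rule are
the editor's heuristics, not the platform's YARA rules.
"""
import re

# What a .NET crypter stub needs: a symmetric cipher to decrypt the payload,
# somewhere to keep the blob (a managed resource) and a way to run it.
INDICATOR_FAMILIES = {
    "symmetric_crypto": {
        "System.Security.Cryptography", "RijndaelManaged", "AesManaged",
        "AesCryptoServiceProvider", "CreateDecryptor", "ICryptoTransform",
        "RandomNumberGenerator",
    },
    "embedded_resource": {
        "ResourceManager", "get_ResourceManager", "GetObject",
        "GetManifestResourceStream",
    },
    "reflective_load": {"Assembly", "Load", "GetExportedTypes", "Invoke", "EntryPoint"},
}
KNOWN_NAMES = set().union(*INDICATOR_FAMILIES.values())

MANIFEST_NAME = re.compile(r'<assemblyIdentity[^>]*\bname="([^"]+)"')
MODULE_NAME = re.compile(r"^[\w.-]+\.exe$", re.IGNORECASE)
ROOT_NAMESPACE = re.compile(r"^(\w+)\.Properties(?:\.|$)")
CRYPTO_WORD = re.compile(r"encrypt|decrypt|payload", re.IGNORECASE)
DOMAIN_CONSTANT = re.compile(r"^[A-Z]+(?:_[A-Z0-9]+){2,}$")


def extract_identities(strings):
    """Names the binary gives itself: manifest identity, module file names, root namespaces."""
    manifest, modules, namespaces = None, set(), set()
    for s in strings:
        m = MANIFEST_NAME.search(s)
        if m:
            manifest = m.group(1)
        if MODULE_NAME.match(s):
            modules.add(s)
        m = ROOT_NAMESPACE.match(s)
        if m:
            namespaces.add(m.group(1))
    return {"manifest": manifest, "modules": sorted(modules), "namespaces": sorted(namespaces)}


def triage_dotnet_strings(strings):
    """Score extracted strings and return the evidence behind the verdict."""
    unique = set(strings)
    found = {fam: sorted(unique & names) for fam, names in INDICATOR_FAMILIES.items()}
    # User-defined members whose names say what they hold (get_Encrypted2),
    # excluding framework names already counted above.
    crypto_named = sorted(s for s in unique if CRYPTO_WORD.search(s) and s not in KNOWN_NAMES)
    identities = extract_identities(strings)
    stems = {m[:-4].lower() for m in identities["modules"]}
    stems |= {ns.lower() for ns in identities["namespaces"]}
    if identities["manifest"]:
        stems.add(identities["manifest"].split(".")[0].lower())
    # ALL_CAPS_WITH_UNDERSCORES identifiers are leftovers of whatever real
    # application the stub was built from (decoy or repurposed project code).
    domain_constants = sum(1 for s in unique if DOMAIN_CONSTANT.match(s))
    if found["symmetric_crypto"] and found["embedded_resource"]:
        verdict = "probable .NET crypter stub: decrypts an embedded resource at runtime"
    elif found["symmetric_crypto"]:
        verdict = "uses symmetric crypto; no embedded-resource indicator"
    else:
        verdict = "no crypter indicators"
    return {"verdict": verdict, "families": found, "crypto_named_members": crypto_named,
            "identities": identities, "identity_mismatch": len(stems) > 1,
            "domain_constants": domain_constants}


# Constructed from the report's Strings section (noise removed).
SAMPLE_STRINGS = [
    "System.IO", '<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>',
    "EngineC.Properties", "System.Security.Cryptography",
    "EngineC.Properties.Resources.resources", "System.Windows.Forms", "mscoree.dll",
    "get_ResourceManager", "SecurityForm", "ITEM_ID_PARCHMENT_PAPER",
    "MarkQuestCompleted", "ResourceManager", "get_Encrypted2",
    "LOCATION_ID_SPIDER_FIELD", "ITEM_ID_SILVER_PISTOL", "QUEST_ID_CLEAR_FARMERS_FIELD",
    "MONSTER_ID_CULTIST", "RandomNumberGenerator", "CreateDecryptor", "RijndaelManaged",
    "Encrypted2", "ICryptoTransform", "Jjow.exe",
    '<requestedExecutionLevel level="asInvoker" uiAccess="false"/>',
    "_CorExeMain", "btnEast_Click_1", "set_CriticalDamage", "set_DropPercentage",
]

if __name__ == "__main__":
    for key, value in triage_dotnet_strings(SAMPLE_STRINGS).items():
        print(f"{key}: {value}")
```

The verdict deliberately requires two families to co-occur: a cipher alone is common in legitimate software, a resource alone is universal, but a decryptor fed from a resource with a name like Encrypted2 is the crypter pattern. The identity mismatch and the domain constants are reported as supporting evidence rather than folded into the verdict, because repurposed project code can also be entirely benign.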

Foremost

Matches 0.exe, 485 KB

Suspicious True

Heuristics

IPs: hasIPs: False
Allowed: none (hasAllowed: False)
Suspicious: none (hasSuspicious: False)

URLs: hasURLs: False
Allowed: none (hasAllowed: False)
Suspicious: none (hasSuspicious: False)

Files: hasFiles: True
Allowed: mscoree.dll (hasAllowed: True)
Suspicious: none (hasSuspicious: False)

Binary

Sizes
RVA: 16 Suspicious: False
Code Size: 2048 Suspicious: False
Image Address: 4194304 Suspicious: False
Stack: 4096 Suspicious: False
Headers: 512 Suspicious: False
Suspicious: False

Symbols
Number: 0 Suspicious: True
Pointer: 0 Suspicious: True

Directories Number: 16 Suspicious: False

Checksum Value: 0 Suspicious: True

Sections Allowed: .text, .rsrc, .reloc
hasAllowed: True hasSections: True hasSuspicious: False

Versions
OS Version: 4 Suspicious: False
Image Version: 4 Suspicious: True
Linker Version: 48.0 Suspicious: False
Subsystem Version: 4.0 Suspicious: False
Suspicious: False

EntryPoint Address: 502158 Suspicious: False

Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

A stored CheckSum of 0 means the compiler or packer left the field unfilled. The Windows loader only enforces the checksum for drivers and boot-critical system images, so on its own this anomaly is weak evidence; it is the combination with the zero symbol table and the packing indicators that matters.
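The anomaly above is a comparison between the CheckSum field of the optional header and the value the loader algorithm produces over the whole file. As an added example (editor's code, not part of this report or the analysis platform), the following reimplements that algorithm in pure Python and runs it over a constructed 512-byte header-only PE32 stub whose fields mirror the report (i386, three sections, linker 48.0, ImageBase 4194304, Windows GUI subsystem, SizeOfHeaders 512) with CheckSum left at 0; the function names and the stub are the editor's assumptions. Feed it the bytes of a real file to reproduce the platform's check.

```python
"""Verify a PE file's header CheckSum (editor-added example).

Not code from the report or the analysis platform. pe_checksum() follows the
algorithm Windows uses for PE images (the one behind CheckSumMappedFile): sum
every 32-bit word of the file except the CheckSum field itself with end-around
carry, fold to 16 bits, then add the file length. build_stub_pe() constructs a
header-only PE32 stub whose fields mirror the report (i386, three sections,
linker 48.0, ImageBase 4194304, Windows GUI, SizeOfHeaders 512).
"""
import struct

FILE_HEADER_SIZE = 20
CHECKSUM_OFFSET_IN_OPTIONAL_HEADER = 0x40   # same for PE32 and PE32+


def optional_header_offset(data):
    """Offset of IMAGE_OPTIONAL_HEADER, after validating the MZ and PE signatures."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    return e_lfanew + 4 + FILE_HEADER_SIZE


def pe_checksum(data):
    """Checksum the loader would compute for `data` (the whole file image)."""
    checksum_offset = optional_header_offset(data) + CHECKSUM_OFFSET_IN_OPTIONAL_HEADER
    if checksum_offset % 4:
        raise ValueError("optional header is not 4-byte aligned")
    padded = data + b"\0" * (-len(data) % 4)        # trailing partial word is zero-padded
    total = 0
    for off in range(0, len(padded), 4):
        if off == checksum_offset:                   # the field being verified is excluded
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        if total > 0xFFFFFFFF:                       # end-around carry at 32 bits
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)         # fold to 16 bits
    total += total >> 16
    return (total & 0xFFFF) + len(data)


def verify_pe_checksum(data):
    """Compare the stored CheckSum with the computed one."""
    field = optional_header_offset(data) + CHECKSUM_OFFSET_IN_OPTIONAL_HEADER
    stored = struct.unpack_from("<I", data, field)[0]
    computed = pe_checksum(data)
    return {"stored": stored, "computed": computed, "matches": stored == computed}


def build_stub_pe(stored_checksum):
    """Constructed 512-byte header-only PE32 stub (sample data, not the report's file)."""
    pe = bytearray(0x200)                                   # SizeOfHeaders: 512
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)                  # e_lfanew
    pe[0x80:0x84] = b"PE\0\0"
    fh = 0x84                                               # IMAGE_FILE_HEADER
    struct.pack_into("<HH", pe, fh, 0x014C, 3)              # Machine i386, 3 sections
    struct.pack_into("<HH", pe, fh + 16, 0xE0, 0x0102)      # SizeOfOptionalHeader, EXECUTABLE|32BIT
    oh = fh + FILE_HEADER_SIZE                              # IMAGE_OPTIONAL_HEADER32
    struct.pack_into("<HBB", pe, oh, 0x10B, 48, 0)          # Magic PE32, linker 48.0
    struct.pack_into("<I", pe, oh + 0x1C, 0x00400000)       # ImageBase 4194304
    struct.pack_into("<I", pe, oh + 0x3C, 0x200)            # SizeOfHeaders
    struct.pack_into("<I", pe, oh + 0x40, stored_checksum)  # CheckSum (0 in the report)
    struct.pack_into("<H", pe, oh + 0x44, 2)                # Subsystem: Windows GUI
    return bytes(pe)


if __name__ == "__main__":
    print(verify_pe_checksum(build_stub_pe(0)))
```

Because the CheckSum field is excluded from the sum, the computed value does not depend on what is stored there; "matches" is simply whether the stored value equals it. A stored 0 therefore always produces the mismatch the report flags, which is why the anomaly needs the context above before it carries weight.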

Libraries: hasLibs: True
Allowed: mscoree.dll (hasAllowed: True)
Suspicious: none (hasSuspicious: False)

Timestamp
Value: 2020-05-17 16:13:00
Valid: True Past: False Future: False

Compilation
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Packers
Packed: False Missing: False

Obfuscation
XOR: False Fuzzing: False

PEDetector

Matches None

Suspicious False

Disassembly

hasTricks: True

Tricks (occurrences per section)
pushret .text: 205
pushpopmath .text: 277
ss register .text: 1
garbagebytes .text: 61
hookdetection .text: 4
software breakpoint .text: 5
fakeconditionaljumps .text: 4
programcontrolflowchange .text: 57
cpuinstructionsresultscomparison .text: 16

These counts come from disassembling .text as x86. In a CIL executable the only native code is a stub that jumps to _CorExeMain in mscoree.dll (both appear in the strings and libraries above); the rest of .text is CIL bytecode and metadata, so byte sequences that happen to decode as push/ret pairs, int3 breakpoints or segment overrides are expected noise rather than anti-analysis tricks.

AVclass

agenttesla 1

VirusTotal

md5 29fe793a432bfccb58d667ffb3b32547

sha1 d7cce5305cb72e8f0ac1331c1178527e9936a071

SCANS (DETECTION RATE = 54.93%, 39 of 71 engines)

Engine: detected; result; update; version
AVG: True; Win32:PWSX-gen [Trj]; 20200518; 18.4.3895.0
CMC: False; (none); 20190321; 1.1.0.977
MAX: True; malware (ai score=86); 20200518; 2019.9.16.1
APEX: True; Malicious; 20200516; 6.22
Bkav: False; (none); 20200518; 1.3.0.9899
K7GW: False; (none); 20200518; 11.110.34125
ALYac: False; (none); 20200518; 1.1.1.5
Avast: True; Win32:PWSX-gen [Trj]; 20200518; 18.4.3895.0
Avira: True; TR/AD.AgentTesla.etkye; 20200518; 8.3.3.8
Baidu: False; (none); 20190318; 1.0.0.2
Cyren: False; (none); 20200518; 6.3.0.2
DrWeb: True; Trojan.PWS.Siggen2.49003; 20200518; 7.0.46.3050
GData: True; Win32.Trojan-Stealer.AgentTesla.WAUWDT; 20200518; A:25.25662B:26.18776
Panda: False; (none); 20200518; 4.6.4.2
VBA32: True; CIL.HeapOverride.Heur; 20200518; 4.4.0
VIPRE: False; (none); 20200518; 83814
Zoner: False; (none); 20200517; 0.0.0.0
ClamAV: False; (none); 20200518; 0.102.3.0
Comodo: False; (none); 20200518; 32453
F-Prot: False; (none); 20200518; 4.7.1.166
Ikarus: True; Trojan.Inject; 20200518; 0.1.5.2
McAfee: True; RDN/Generic.dx; 20200518; 6.0.6.653
Rising: True; Trojan.GenKryptik!8.AA55 (CLOUD); 20200518; 25.0.0.25
Sophos: True; Mal/Generic-S; 20200518; 4.98.0
Yandex: False; (none); 20200518; 5.5.2.24
Zillya: False; (none); 20200518; 2.0.0.4092
Acronis: False; (none); 20200515; 1.1.1.76
Alibaba: False; (none); 20190527; 0.3.0.5
Arcabit: False; (none); 20200518; 1.0.0.875
Cylance: True; Unsafe; 20200518; 2.3.1.101
Endgame: True; malicious (high confidence); 20200512; 4.0.2
FireEye: True; Generic.mg.29fe793a432bfccb; 20200508; 32.31.0.0
Sangfor: False; (none); 20200423; 1.0
TACHYON: False; (none); 20200518; 2020-05-18.01
Tencent: False; (none); 20200518; 1.0.0.1
ViRobot: False; (none); 20200518; 2014.3.20.0
Webroot: False; (none); 20200518; 1.0.0.403
eGambit: True; Unsafe.AI_Score_100%; 20200518; (no version reported)
Ad-Aware: True; Trojan.GenericKD.43176955; 20200518; 3.0.5.370
AegisLab: True; Trojan.MSIL.Agensla.i!c; 20200518; 4.2
Emsisoft: True; Trojan.GenericKD.43176955 (B); 20200518; 2018.12.0.1641
F-Secure: True; Trojan.TR/AD.AgentTesla.etkye; 20200518; 12.0.86.52
Fortinet: True; MSIL/Agensla.EKSW!tr.pws; 20200518; 6.2.142.0
Invincea: True; heuristic; 20200502; 6.3.6.26157
Jiangmin: False; (none); 20200518; 16.0.100
Kingsoft: False; (none); 20200518; 2013.8.14.323
Paloalto: True; generic.ml; 20200518; 1.0
Symantec: True; ML.Attribute.HighConfidence; 20200518; 1.11.0.0
Trapmine: False; (none); 20200505; 3.2.25.947
AhnLab-V3: True; Trojan/Win32.MSILKrypt.R336818; 20200518; 3.17.6.27456
Antiy-AVL: False; (none); 20200518; 3.0.0.1
Kaspersky: True; HEUR:Trojan-PSW.MSIL.Agensla.gen; 20200518; 15.0.1.13
MaxSecure: True; Trojan.Malware.300983.susgen; 20200518; 1.0.0.1
Microsoft: True; Trojan:Win32/Occamy.AA; 20200518; 1.1.17000.7
Qihoo-360: False; (none); 20200518; 1.0.0.1120
ZoneAlarm: True; HEUR:Trojan-PSW.MSIL.Agensla.gen; 20200518; 1.0
ESET-NOD32: True; a variant of MSIL/Kryptik.VYH; 20200518; 21346
TrendMicro: True; TROJ_FRS.VSNTEI20; 20200518; 11.0.0.1006
BitDefender: True; Trojan.GenericKD.43176955; 20200518; 7.2
CrowdStrike: True; win/malicious_confidence_100% (W); 20190702; 1.0
K7AntiVirus: False; (none); 20200518; 11.110.34124
SentinelOne: True; DFI - Malicious PE; 20200513; 4.3.0.0
Avast-Mobile: False; (none); 20200518; 200518-00
Malwarebytes: True; Spyware.AgentTesla; 20200518; 3.6.4.335
CAT-QuickHeal: False; (none); 20200518; 14.00
NANO-Antivirus: False; (none); 20200518; 1.0.134.25112
BitDefenderTheta: True; Gen:NN.ZemsilF.34110.Em0@a4f2dVf; 20200514; 7.2.37796.0
MicroWorld-eScan: True; Trojan.GenericKD.43176955; 20200518; 14.0.409.0
SUPERAntiSpyware: False; (none); 20200513; 5.6.0.1032
McAfee-GW-Edition: True; BehavesLike.Win32.Generic.gc; 20200518; v2017.3010
TrendMicro-HouseCall: True; TROJ_FRS.VSNTEI20; 20200518; 10.0.0.1040

Family labels converge on AgentTesla (Avira, F-Secure, GData, Malwarebytes; the "Agensla" of Kaspersky, ZoneAlarm, Fortinet and AegisLab is the same family under a different name), while the Kryptik, GenKryptik and MSILKrypt names from ESET, Rising and AhnLab describe the .NET crypter layer around it. The remaining positives are generic or machine-learning verdicts.

total 71
positives 39
sha256 3f4d8c350538601c60ddb8393b0c70904bbb81be0b59478770730dfe7a243e76
scan_id 3f4d8c350538601c60ddb8393b0c70904bbb81be0b59478770730dfe7a243e76-1589815129
resource 29fe793a432bfccb58d667ffb3b32547
permalink https://www.virustotal.com/gui/file/3f4d8c350538601c60ddb8393b0c70904bbb81be0b59478770730dfe7a243e76/detection/f-3f4d8c350538601c60ddb8393b0c70904bbb81be0b59478770730dfe7a243e76-1589815129
scan_date 2020-05-18 15:18:49
verbose_msg Scan finished, information embedded
response_code 1

File Trace

Columns as recorded by the sandbox: timestamp, operation, two unlabelled numeric fields (148, 0), process image, target path, and for Read/Unknown operations the file name.

19/6/2020 16:45:42.637  Open     148  0  C:\malware.exe  C:\Windows\SysWOW64\mscorrc.dll
19/6/2020 16:45:42.637  Open     148  0  C:\malware.exe  C:\Windows\SysWOW64\mscorrc.dll.DLL
19/6/2020 16:45:42.637  Open     148  0  C:\malware.exe  C:\Windows\System32\mscorrc.dll
19/6/2020 16:45:42.637  Open     148  0  C:\malware.exe  C:\Windows\System32\mscorrc.dll.DLL
19/6/2020 16:45:42.637  Open     148  0  C:\malware.exe  C:\mscorrc.dll
19/6/2020 16:45:42.637  Open     148  0  C:\malware.exe  C:\Windows\SysWOW64\mscorrc.dll
19/6/2020 16:45:42.637  Open     148  0  C:\malware.exe  C:\Windows\system\mscorrc.dll
19/6/2020 16:45:42.637  Open     148  0  C:\malware.exe  C:\Windows\mscorrc.dll
19/6/2020 16:45:42.637  Open     148  0  C:\malware.exe  C:\Monitor\mscorrc.dll
19/6/2020 16:45:42.637  Open     148  0  C:\malware.exe  C:\Windows\SysWOW64\mscorrc.dll
19/6/2020 16:45:42.637  Open     148  0  C:\malware.exe  C:\Windows\mscorrc.dll
19/6/2020 16:45:42.637  Open     148  0  C:\malware.exe  C:\Windows\SysWOW64\wbem\mscorrc.dll
19/6/2020 16:45:42.684  Open     148  0  C:\malware.exe  C:\Windows\SysWOW64\WindowsPowerShell\v1.0\mscorrc.dll
19/6/2020 16:45:42.684  Open     148  0  C:\malware.exe  C:\malware.exe.config
19/6/2020 16:45:42.684  Open     148  0  C:\malware.exe  C:\Windows\Microsoft.NET\Framework\v4.0.40305
19/6/2020 16:45:42.684  Open     148  0  C:\malware.exe  C:\Windows\Microsoft.NET\Framework\v4.0.40305
19/6/2020 16:45:42.731  Open     148  0  C:\malware.exe  C:\Windows\Fonts\StaticCache.dat
19/6/2020 16:45:42.731  Read     148  0  C:\malware.exe  C:\Windows\Fonts\StaticCache.dat  StaticCache.dat
19/6/2020 16:45:42.731  Open     148  0  C:\malware.exe  C:\Windows\SysWOW64\uxtheme.dll
19/6/2020 16:45:42.731  Open     148  0  C:\malware.exe  C:\Windows\SysWOW64\uxtheme.dll
19/6/2020 16:45:42.778  Open     148  0  C:\malware.exe  C:\dwmapi.dll
19/6/2020 16:45:42.778  Open     148  0  C:\malware.exe  C:\Windows\SysWOW64\dwmapi.dll
19/6/2020 16:45:42.778  Open     148  0  C:\malware.exe  C:\Windows\SysWOW64\dwmapi.dll
19/6/2020 16:45:42.778  Open     148  0  C:\malware.exe  C:\Windows\SysWOW64\ole32.dll
19/6/2020 16:45:42.778  Open     148  0  C:\malware.exe  C:\Windows\SysWOW64\ole32.dll
19/6/2020 16:45:42.778  Open     148  0  C:\malware.exe  C:\Windows\SysWOW64\rpcss.dll
19/6/2020 16:45:42.778  Open     148  0  C:\malware.exe  C:\Windows\SysWOW64\rpcss.dll
19/6/2020 16:45:42.778  Open     148  0  C:\malware.exe  C:\Windows\Globalization\Sorting\SortDefault.nls
19/6/2020 16:45:42.778  Unknown  148  0  C:\malware.exe  C:\Windows\Globalization\Sorting\SortDefault.nls  SortDefault.nls

The thirteen mscorrc.dll probes walk through the directories of the Windows DLL search order (application directory C:\, SysWOW64 and System32, Windows\system, Windows) and then PATH entries, including the sandbox's own C:\Monitor; no Read of that file follows. The remaining opens (uxtheme.dll, dwmapi.dll, ole32.dll, rpcss.dll, the font cache and the sorting table) are consistent with ordinary WinForms start-up, and everything happens within 150 ms of the first record.

Process Trace

No entries recorded.

Analysis

Reason: Timeout
Status: Successfully Executed
Results: 1

The run reached the sandbox timeout with no process creation, registry change or network traffic recorded (see the summaries below). For a sample with 39 of 71 detections and crypter-family labels, an empty dynamic trace means the payload stage did not run in this session (a delay that outlasted the timeout, a missing trigger, or environment checks), not that the binary is inert.

Registry Trace

No entries recorded.

File Summary
Created Identified: False
Deleted Identified: False

Process Summary
Created Identified: False
Deleted Identified: False

Registry Summary
Proxy Identified: False
AutoRun Identified: False
Created Identified: False
Deleted Identified: False
Browsers Identified: False
Internet Identified: False

DNS
Query: none recorded
Response: none recorded

TCP
Info: none recorded

UDP
Info: none recorded

HTTP
Info: none recorded

Summary
DNS False
TCP False
UDP False
HTTP False

Results

BINARY

KNN (K=3, NFS-BRMalware): confidence 66.67%, suspicious: False
Decision Tree (NFS-BRMalware): confidence 100.00%, suspicious: True
SVC (Kernel=Linear, NFS-BRMalware): confidence 69.81%, suspicious: False
MalConv (Ember: Raw Bytes, Threshold=0.5): confidence 65.03%, suspicious: False
Random Forest (100 estimators, NFS-BRMalware): confidence 64.00%, suspicious: True
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35): confidence 67.80%, suspicious: True
LightGBM (Ember: File Characteristics, Threshold=0.8336): confidence 100.00%, suspicious: True

Four of the seven classifiers flag the file and three do not, and the two raw-bytes MalConv models disagree with each other. Taken alone these scores are inconclusive; the VirusTotal consensus above carries the verdict.
